My one caution is that encryption is processor intensive. I wouldn't encrypt until you actually have a cart (like I wouldn't arbitrarily encrypt every session to start with).
-mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Jake Churchill [mailto:reyna...@gmail.com] Sent: Friday, February 11, 2011 10:32 AM To: cf-talk Subject: AES Encryption Limits Hello All. I am working on a database driven session environment that is used on a shopping cart. The cart is not currently PCI complient so I am working on encrypting certain items. The session is stored in the DB as a WDDX packet in an ntext field. Rather than parsing the structure and encrypting just certain pieces of data, I was playing with the idea of encrypting the entire WDDX packet. This works fine in my tests, but I am worried about any possible limits I might reach. Theoretically, the WDDX string could be enormous as there is nothing limiting the size of carts in this system. Does anyone know if I'll potentially hit some kind of limit using this method of encryption? This will determin the path I take. If there is no limit, I'll just make my life easy and encrypt the entire thing. If there is a limit, I'll write some code to parse out the structure and only encrypt certain members. Thanks in advance. -Jake ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342141 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm